2 * Routines for packet disassembly
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
35 #include "timestamp.h"
37 #include "osi-utils.h"
40 #include "addr_resolv.h"
42 #include "epan_dissect.h"
44 #include "wmem/wmem.h"
46 #include <epan/exceptions.h>
47 #include <epan/reassemble.h>
48 #include <epan/stream.h>
49 #include <epan/expert.h>
50 #include <epan/range.h>
51 #include <epan/asm_utils.h>
53 #include <wsutil/str_util.h>
55 static gint proto_malformed = -1;
56 static dissector_handle_t frame_handle = NULL;
57 static dissector_handle_t file_handle = NULL;
58 static dissector_handle_t data_handle = NULL;
62 * Has a tvbuff and a name.
72 * "hash_table" is a hash table, indexed by port number, supplying
73 * a "struct dtbl_entry"; it records what dissector is assigned to
74 * that uint or string value in that table.
76 * "dissector_handles" is a list of all dissectors that *could* be
77 * used in that table; not all of them are necessarily in the table,
78 * as they may be for protocols that don't have a fixed uint value,
79 * e.g. for TCP or UDP port number tables and protocols with no fixed
82 * "ui_name" is the name the dissector table has in the user interface.
84 * "type" is a field type giving the width of the uint value for that
85 * dissector table, if it's a uint dissector table.
87 * "param" is the base in which to display the uint value for that
88 * dissector table, if it's a uint dissector table, or if it's a string
89 * table, TRUE/FALSE to indicate case-insensitive or not.
91 * "protocol" is the protocol associated with the dissector table. Used
92 * for determining dependencies.
94 struct dissector_table {
95 GHashTable *hash_table;
96 GSList *dissector_handles;
100 protocol_t *protocol;
102 dissector_table_allow_e allow_dup_proto; /* XXX - Could be converted to a flag-like field */
105 static GHashTable *dissector_tables = NULL;
108 * List of registered dissectors.
110 static GHashTable *registered_dissectors = NULL;
113 * A dissector dependency list.
115 struct depend_dissector_list {
119 /* Maps char *dissector_name to depend_dissector_list_t */
120 static GHashTable *depend_dissector_lists = NULL;
123 destroy_depend_dissector_list(void *data)
125 depend_dissector_list_t dissector_list = (depend_dissector_list_t)data;
126 GSList **list = &(dissector_list->dissectors);
128 g_slist_foreach(*list, (GFunc)g_free, NULL);
130 g_slice_free(struct depend_dissector_list, dissector_list);
134 * A heuristics dissector list.
136 struct heur_dissector_list {
137 protocol_t *protocol;
141 static GHashTable *heur_dissector_lists = NULL;
143 /* Name hashtables for fast detection of duplicate names */
144 static GHashTable* heuristic_short_names = NULL;
147 destroy_heuristic_dissector_entry(gpointer data, gpointer user_data _U_)
149 g_free(((heur_dtbl_entry_t*)data)->list_name);
150 g_slice_free(heur_dtbl_entry_t, data);
154 destroy_heuristic_dissector_list(void *data)
156 heur_dissector_list_t dissector_list = (heur_dissector_list_t)data;
157 GSList **list = &(dissector_list->dissectors);
159 g_slist_foreach(*list, destroy_heuristic_dissector_entry, NULL);
161 g_slice_free(struct heur_dissector_list, dissector_list);
165 destroy_dissector_table(void *data)
167 struct dissector_table *table = (struct dissector_table *)data;
169 g_hash_table_destroy(table->hash_table);
170 g_slist_free(table->dissector_handles);
171 g_slice_free(struct dissector_table, data);
177 dissector_tables = g_hash_table_new_full(g_str_hash, g_str_equal,
178 NULL, destroy_dissector_table);
180 registered_dissectors = g_hash_table_new_full(g_str_hash, g_str_equal,
183 depend_dissector_lists = g_hash_table_new_full(g_str_hash, g_str_equal,
184 g_free, destroy_depend_dissector_list);
186 heur_dissector_lists = g_hash_table_new_full(g_str_hash, g_str_equal,
187 NULL, destroy_heuristic_dissector_list);
189 heuristic_short_names = g_hash_table_new(wrs_str_hash, g_str_equal);
193 packet_cache_proto_handles(void)
195 frame_handle = find_dissector("frame");
196 g_assert(frame_handle != NULL);
198 file_handle = find_dissector("file");
199 g_assert(file_handle != NULL);
201 data_handle = find_dissector("data");
202 g_assert(data_handle != NULL);
204 proto_malformed = proto_get_id_by_filter_name("_ws.malformed");
205 g_assert(proto_malformed != -1);
211 g_hash_table_destroy(dissector_tables);
212 g_hash_table_destroy(registered_dissectors);
213 g_hash_table_destroy(depend_dissector_lists);
214 g_hash_table_destroy(heur_dissector_lists);
215 g_hash_table_destroy(heuristic_short_names);
219 * Given a tvbuff, and a length from a packet header, adjust the length
220 * of the tvbuff to reflect the specified length.
223 set_actual_length(tvbuff_t *tvb, const guint specified_len)
225 if (specified_len < tvb_reported_length(tvb)) {
226 /* Adjust the length of this tvbuff to include only the specified
229 The dissector above the one calling us (the dissector above is
230 probably us) may use that to determine how much of its packet
232 tvb_set_reported_length(tvb, specified_len);
236 /* List of routines that are called before we make a pass through a capture file
237 * and dissect all its packets. See register_init_routine and
238 * register_cleanup_routine in packet.h */
239 static GSList *init_routines;
240 static GSList *cleanup_routines;
243 register_init_routine(void (*func)(void))
245 init_routines = g_slist_prepend(init_routines, (gpointer)func);
249 register_cleanup_routine(void (*func)(void))
251 cleanup_routines = g_slist_prepend(cleanup_routines, (gpointer)func);
254 typedef void (*void_func_t)(void);
256 /* Initialize all data structures used for dissection. */
258 call_routine(gpointer routine, gpointer dummy _U_)
260 void_func_t func = (void_func_t)routine;
265 init_dissection(void)
267 wmem_enter_file_scope();
270 * Reinitialize resolution information. We do initialization here in
271 * case we need to resolve between captures.
273 host_name_lookup_init();
275 /* Initialize the table of conversations. */
276 epan_conversation_init();
278 /* Initialize the table of circuits. */
281 /* Initialize protocol-specific variables. */
282 g_slist_foreach(init_routines, &call_routine, NULL);
284 /* Initialize the stream-handling tables */
287 /* Initialize the expert infos */
288 expert_packet_init();
292 cleanup_dissection(void)
294 /* Cleanup the table of conversations. Do this before freeing seasonal
295 * memory (at least until conversation's use of g_slist is changed).
297 epan_conversation_cleanup();
299 /* Cleanup the table of circuits. */
300 epan_circuit_cleanup();
302 /* Cleanup protocol-specific variables. */
303 g_slist_foreach(cleanup_routines, &call_routine, NULL);
305 /* Cleanup the stream-handling tables */
308 /* Cleanup the expert infos */
309 expert_packet_cleanup();
311 wmem_leave_file_scope();
314 * Reinitialize resolution information. We do initialization here in
315 * case we need to resolve between captures.
317 host_name_lookup_cleanup();
320 /* Allow protocols to register a "cleanup" routine to be
321 * run after the initial sequential run through the packets.
322 * Note that the file can still be open after this; this is not
323 * the final cleanup. */
324 static GSList *postseq_cleanup_routines;
327 register_postseq_cleanup_routine(void_func_t func)
329 postseq_cleanup_routines = g_slist_prepend(postseq_cleanup_routines,
333 /* Call all the registered "postseq_cleanup" routines. */
335 call_postseq_cleanup_routine(gpointer routine, gpointer dummy _U_)
337 void_func_t func = (void_func_t)routine;
342 postseq_cleanup_all_protocols(void)
344 g_slist_foreach(postseq_cleanup_routines,
345 &call_postseq_cleanup_routine, NULL);
349 * Add a new data source to the list of data sources for a frame, given
350 * the tvbuff for the data source and its name.
353 add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name)
355 struct data_source *src;
357 src = g_slice_new(struct data_source);
359 src->name = g_strdup(name);
360 /* This could end up slow, but we should never have that many data
361 * sources so it probably doesn't matter */
362 pinfo->data_src = g_slist_append(pinfo->data_src, src);
366 remove_last_data_source(packet_info *pinfo)
368 struct data_source *src;
371 last = g_slist_last(pinfo->data_src);
372 src = (struct data_source *)last->data;
373 pinfo->data_src = g_slist_delete_link(pinfo->data_src, last);
375 g_slice_free(struct data_source, src);
379 get_data_source_name(const struct data_source *src)
381 guint length = tvb_captured_length(src->tvb);
383 return wmem_strdup_printf(NULL, "%s (%u byte%s)", src->name, length,
384 plurality(length, "", "s"));
388 get_data_source_tvb(const struct data_source *src)
394 * Free up a frame's list of data sources.
397 free_data_sources(packet_info *pinfo)
399 if (pinfo->data_src) {
402 for (l = pinfo->data_src; l; l = l->next) {
403 struct data_source *src = (struct data_source *)l->data;
406 g_slice_free(struct data_source, src);
408 g_slist_free(pinfo->data_src);
409 pinfo->data_src = NULL;
414 mark_frame_as_depended_upon(packet_info *pinfo, guint32 frame_num)
416 /* Don't mark a frame as dependent on itself */
417 if (frame_num != pinfo->num) {
418 pinfo->dependent_frames = g_slist_prepend(pinfo->dependent_frames, GUINT_TO_POINTER(frame_num));
422 /* Allow dissectors to register a "final_registration" routine
423 * that is run like the proto_register_XXX() routine, but at the
424 * end of the epan_init() function; that is, *after* all other
425 * subsystems, like dfilters, have finished initializing. This is
426 * useful for dissector registration routines which need to compile
427 * display filters. dfilters can't initialize itself until all protocols
428 * have registered themselves. */
429 static GSList *final_registration_routines;
432 register_final_registration_routine(void (*func)(void))
434 final_registration_routines = g_slist_prepend(final_registration_routines,
438 /* Call all the registered "final_registration" routines. */
440 call_final_registration_routine(gpointer routine, gpointer dummy _U_)
442 void_func_t func = (void_func_t)routine;
448 final_registration_all_protocols(void)
450 g_slist_foreach(final_registration_routines,
451 &call_final_registration_routine, NULL);
455 /* Creates the top-most tvbuff and calls dissect_frame() */
457 dissect_record(epan_dissect_t *edt, int file_type_subtype,
458 struct wtap_pkthdr *phdr, tvbuff_t *tvb, frame_data *fd, column_info *cinfo)
460 const char *volatile record_type;
461 frame_data_t frame_dissector_data;
463 switch (phdr->rec_type) {
465 case REC_TYPE_PACKET:
466 record_type = "Frame";
469 case REC_TYPE_FT_SPECIFIC_EVENT:
470 record_type = "Event";
473 case REC_TYPE_FT_SPECIFIC_REPORT:
474 record_type = "Report";
477 case REC_TYPE_SYSCALL:
478 record_type = "System Call";
483 * XXX - if we add record types that shouldn't be
484 * dissected and displayed, but that need to at
485 * least be processed somewhere, we need to somehow
486 * indicate that to our caller.
488 g_assert_not_reached();
493 col_init(cinfo, edt->session);
494 edt->pi.epan = edt->session;
495 /* edt->pi.pool created in epan_dissect_init() */
496 edt->pi.current_proto = "<Missing Protocol Name>";
497 edt->pi.cinfo = cinfo;
498 edt->pi.presence_flags = 0;
499 edt->pi.num = fd->num;
500 if (fd->flags.has_ts) {
501 edt->pi.presence_flags |= PINFO_HAS_TS;
502 edt->pi.abs_ts = fd->abs_ts;
504 edt->pi.pkt_encap = phdr->pkt_encap;
507 edt->pi.pseudo_header = &phdr->pseudo_header;
508 clear_address(&edt->pi.dl_src);
509 clear_address(&edt->pi.dl_dst);
510 clear_address(&edt->pi.net_src);
511 clear_address(&edt->pi.net_dst);
512 clear_address(&edt->pi.src);
513 clear_address(&edt->pi.dst);
514 edt->pi.ctype = CT_NONE;
515 edt->pi.noreassembly_reason = "";
516 edt->pi.ptype = PT_NONE;
517 edt->pi.p2p_dir = P2P_DIR_UNKNOWN;
518 edt->pi.link_dir = LINK_DIR_UNKNOWN;
519 edt->pi.layers = wmem_list_new(edt->pi.pool);
523 frame_delta_abs_time(edt->session, fd, fd->frame_ref_num, &edt->pi.rel_ts);
525 /* pkt comment use first user, later from phdr */
526 if (fd->flags.has_user_comment)
527 frame_dissector_data.pkt_comment = epan_get_user_comment(edt->session, fd);
528 else if (fd->flags.has_phdr_comment)
529 frame_dissector_data.pkt_comment = phdr->opt_comment;
531 frame_dissector_data.pkt_comment = NULL;
532 frame_dissector_data.file_type_subtype = file_type_subtype;
533 frame_dissector_data.color_edt = edt; /* Used strictly for "coloring rules" */
536 /* Add this tvbuffer into the data_src list */
537 add_new_data_source(&edt->pi, edt->tvb, record_type);
539 /* Even though dissect_frame() catches all the exceptions a
540 * sub-dissector can throw, dissect_frame() itself may throw
541 * a ReportedBoundsError in bizarre cases. Thus, we catch the exception
542 * in this function. */
543 call_dissector_with_data(frame_handle, edt->tvb, &edt->pi, edt->tree, &frame_dissector_data);
546 g_assert_not_reached();
548 CATCH2(FragmentBoundsError, ReportedBoundsError) {
549 proto_tree_add_protocol_format(edt->tree, proto_malformed, edt->tvb, 0, 0,
550 "[Malformed %s: Packet Length]",
555 fd->flags.visited = 1;
558 /* Creates the top-most tvbuff and calls dissect_file() */
560 dissect_file(epan_dissect_t *edt, struct wtap_pkthdr *phdr,
561 tvbuff_t *tvb, frame_data *fd, column_info *cinfo)
563 file_data_t file_dissector_data;
566 col_init(cinfo, edt->session);
567 edt->pi.epan = edt->session;
568 /* edt->pi.pool created in epan_dissect_init() */
569 edt->pi.current_proto = "<Missing Filetype Name>";
570 edt->pi.cinfo = cinfo;
573 edt->pi.pseudo_header = &phdr->pseudo_header;
574 clear_address(&edt->pi.dl_src);
575 clear_address(&edt->pi.dl_dst);
576 clear_address(&edt->pi.net_src);
577 clear_address(&edt->pi.net_dst);
578 clear_address(&edt->pi.src);
579 clear_address(&edt->pi.dst);
580 edt->pi.ctype = CT_NONE;
581 edt->pi.noreassembly_reason = "";
582 edt->pi.ptype = PT_NONE;
583 edt->pi.p2p_dir = P2P_DIR_UNKNOWN;
584 edt->pi.link_dir = LINK_DIR_UNKNOWN;
585 edt->pi.layers = wmem_list_new(edt->pi.pool);
589 frame_delta_abs_time(edt->session, fd, fd->frame_ref_num, &edt->pi.rel_ts);
593 /* pkt comment use first user, later from phdr */
594 if (fd->flags.has_user_comment)
595 file_dissector_data.pkt_comment = epan_get_user_comment(edt->session, fd);
596 else if (fd->flags.has_phdr_comment)
597 file_dissector_data.pkt_comment = phdr->opt_comment;
599 file_dissector_data.pkt_comment = NULL;
600 file_dissector_data.color_edt = edt; /* Used strictly for "coloring rules" */
603 /* Add this tvbuffer into the data_src list */
604 add_new_data_source(&edt->pi, edt->tvb, "File");
606 /* Even though dissect_file() catches all the exceptions a
607 * sub-dissector can throw, dissect_frame() itself may throw
608 * a ReportedBoundsError in bizarre cases. Thus, we catch the exception
609 * in this function. */
610 call_dissector_with_data(file_handle, edt->tvb, &edt->pi, edt->tree, &file_dissector_data);
614 g_assert_not_reached();
616 CATCH2(FragmentBoundsError, ReportedBoundsError) {
617 proto_tree_add_protocol_format(edt->tree, proto_malformed, edt->tvb, 0, 0,
618 "[Malformed Record: Packet Length]" );
622 fd->flags.visited = 1;
625 /*********************** code added for sub-dissector lookup *********************/
628 * A dissector handle.
630 struct dissector_handle {
631 const char *name; /* dissector name */
632 dissector_t dissector;
633 protocol_t *protocol;
636 /* This function will return
637 * old style dissector :
638 * length of the payload or 1 of the payload is empty
640 * >0 this protocol was successfully dissected and this was this protocol.
641 * 0 this packet did not match this protocol.
643 * The only time this function will return 0 is if it is a new style dissector
644 * and if the dissector rejected the packet.
647 call_dissector_through_handle(dissector_handle_t handle, tvbuff_t *tvb,
648 packet_info *pinfo, proto_tree *tree, void *data)
650 const char *saved_proto;
653 saved_proto = pinfo->current_proto;
655 if (handle->protocol != NULL) {
656 pinfo->current_proto =
657 proto_get_protocol_short_name(handle->protocol);
660 len = (*handle->dissector)(tvb, pinfo, tree, data);
661 pinfo->current_proto = saved_proto;
667 * Call a dissector through a handle.
668 * If the protocol for that handle isn't enabled, return 0 without
669 * calling the dissector.
670 * Otherwise, if the handle refers to a new-style dissector, call the
671 * dissector and return its return value, otherwise call it and return
672 * the length of the tvbuff pointed to by the argument.
676 call_dissector_work_error(dissector_handle_t handle, tvbuff_t *tvb,
677 packet_info *pinfo_arg, proto_tree *tree, void *);
680 call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo_arg,
681 proto_tree *tree, gboolean add_proto_name, void *data)
683 packet_info *pinfo = pinfo_arg;
684 const char *saved_proto;
685 guint16 saved_can_desegment;
687 guint saved_layers_len = 0;
689 if (handle->protocol != NULL &&
690 !proto_is_protocol_enabled(handle->protocol)) {
692 * The protocol isn't enabled.
697 saved_proto = pinfo->current_proto;
698 saved_can_desegment = pinfo->can_desegment;
699 saved_layers_len = wmem_list_count(pinfo->layers);
702 * can_desegment is set to 2 by anyone which offers the
703 * desegmentation api/service.
704 * Then everytime a subdissector is called it is decremented
706 * Thus only the subdissector immediately on top of whoever
707 * offers this service can use it.
708 * We save the current value of "can_desegment" for the
709 * benefit of TCP proxying dissectors such as SOCKS, so they
710 * can restore it and allow the dissectors they call to use
711 * the desegmentation service.
713 pinfo->saved_can_desegment = saved_can_desegment;
714 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
715 if (handle->protocol != NULL) {
716 pinfo->current_proto =
717 proto_get_protocol_short_name(handle->protocol);
720 * Add the protocol name to the layers
721 * if not told not to. Asn2wrs generated dissectors may be added multiple times otherwise.
723 if (add_proto_name) {
724 pinfo->curr_layer_num++;
725 wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_get_id(handle->protocol)));
729 if (pinfo->flags.in_error_pkt) {
730 len = call_dissector_work_error(handle, tvb, pinfo, tree, data);
733 * Just call the subdissector.
735 len = call_dissector_through_handle(handle, tvb, pinfo, tree, data);
739 * That dissector didn't accept the packet, so
740 * remove its protocol's name from the list
743 while (wmem_list_count(pinfo->layers) > saved_layers_len) {
744 wmem_list_remove_frame(pinfo->layers, wmem_list_tail(pinfo->layers));
747 pinfo->current_proto = saved_proto;
748 pinfo->can_desegment = saved_can_desegment;
754 call_dissector_work_error(dissector_handle_t handle, tvbuff_t *tvb,
755 packet_info *pinfo_arg, proto_tree *tree, void *data)
757 packet_info *pinfo = pinfo_arg;
758 const char *saved_proto;
759 guint16 saved_can_desegment;
760 volatile int len = 0;
761 gboolean save_writable;
764 address save_net_src;
765 address save_net_dst;
770 * This isn't a packet being transported inside
771 * the protocol whose dissector is calling us,
772 * it's a copy of a packet that caused an error
773 * in some protocol included in a packet that
774 * reports the error (e.g., an ICMP Unreachable
779 * Save the current state of the writability of
780 * the columns, and restore them after the
781 * dissector returns, so that the columns
782 * don't reflect the packet that got the error,
783 * they reflect the packet that reported the
786 saved_proto = pinfo->current_proto;
787 saved_can_desegment = pinfo->can_desegment;
789 save_writable = col_get_writable(pinfo->cinfo, -1);
790 col_set_writable(pinfo->cinfo, -1, FALSE);
791 copy_address_shallow(&save_dl_src, &pinfo->dl_src);
792 copy_address_shallow(&save_dl_dst, &pinfo->dl_dst);
793 copy_address_shallow(&save_net_src, &pinfo->net_src);
794 copy_address_shallow(&save_net_dst, &pinfo->net_dst);
795 copy_address_shallow(&save_src, &pinfo->src);
796 copy_address_shallow(&save_dst, &pinfo->dst);
798 /* Dissect the contained packet. */
800 len = call_dissector_through_handle(handle, tvb,pinfo, tree, data);
804 * Restore the column writability and addresses.
806 col_set_writable(pinfo->cinfo, -1, save_writable);
807 copy_address_shallow(&pinfo->dl_src, &save_dl_src);
808 copy_address_shallow(&pinfo->dl_dst, &save_dl_dst);
809 copy_address_shallow(&pinfo->net_src, &save_net_src);
810 copy_address_shallow(&pinfo->net_dst, &save_net_dst);
811 copy_address_shallow(&pinfo->src, &save_src);
812 copy_address_shallow(&pinfo->dst, &save_dst);
815 * Restore the current protocol, so any
816 * "Short Frame" indication reflects that
817 * protocol, not the protocol for the
818 * packet that got the error.
820 pinfo->current_proto = saved_proto;
823 * Restore the desegmentability state.
825 pinfo->can_desegment = saved_can_desegment;
828 * Rethrow the exception, so this will be
829 * reported as a short frame.
833 CATCH2(FragmentBoundsError, ReportedBoundsError) {
835 * "ret" wasn't set because an exception was thrown
836 * before "call_dissector_through_handle()" returned.
837 * As it called something, at least one dissector
838 * accepted the packet, and, as an exception was
839 * thrown, not only was all the tvbuff dissected,
840 * a dissector tried dissecting past the end of
841 * the data in some tvbuff, so we'll assume that
842 * the entire tvbuff was dissected.
844 len = tvb_captured_length(tvb);
848 col_set_writable(pinfo->cinfo, -1, save_writable);
849 copy_address_shallow(&pinfo->dl_src, &save_dl_src);
850 copy_address_shallow(&pinfo->dl_dst, &save_dl_dst);
851 copy_address_shallow(&pinfo->net_src, &save_net_src);
852 copy_address_shallow(&pinfo->net_dst, &save_net_dst);
853 copy_address_shallow(&pinfo->src, &save_src);
854 copy_address_shallow(&pinfo->dst, &save_dst);
855 pinfo->want_pdu_tracking = 0;
860 * An entry in the hash table portion of a dissector table.
863 dissector_handle_t initial;
864 dissector_handle_t current;
867 /* Finds a dissector table by table name. */
869 find_dissector_table(const char *name)
871 return (dissector_table_t)g_hash_table_lookup( dissector_tables, name );
874 /* Find an entry in a uint dissector table. */
875 static dtbl_entry_t *
876 find_uint_dtbl_entry(dissector_table_t sub_dissectors, const guint32 pattern)
878 switch (sub_dissectors->type) {
885 * You can do a uint lookup in these tables.
891 * But you can't do a uint lookup in any other types
894 g_assert_not_reached();
900 return (dtbl_entry_t *)g_hash_table_lookup(sub_dissectors->hash_table,
901 GUINT_TO_POINTER(pattern));
906 dissector_add_uint_sanity_check(const char *name, guint32 pattern, dissector_handle_t handle, dissector_table_t sub_dissectors)
908 dtbl_entry_t *dtbl_entry;
911 g_warning("%s: %s registering using a pattern of 0",
912 name, proto_get_protocol_filter_name(proto_get_id(handle->protocol)));
915 dtbl_entry = g_hash_table_lookup(sub_dissectors->hash_table, GUINT_TO_POINTER(pattern));
916 if (dtbl_entry != NULL) {
917 g_warning("%s: %s registering using pattern %d already registered by %s",
918 name, proto_get_protocol_filter_name(proto_get_id(handle->protocol)),
919 pattern, proto_get_protocol_filter_name(proto_get_id(dtbl_entry->initial->protocol)));
924 /* Add an entry to a uint dissector table. */
926 dissector_add_uint(const char *name, const guint32 pattern, dissector_handle_t handle)
928 dissector_table_t sub_dissectors;
929 dtbl_entry_t *dtbl_entry;
931 sub_dissectors = find_dissector_table(name);
934 * Make sure the handle and the dissector table exist.
936 if (handle == NULL) {
937 fprintf(stderr, "OOPS: handle to register \"%s\" to doesn't exist\n",
939 if (getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL)
943 if (sub_dissectors == NULL) {
944 fprintf(stderr, "OOPS: dissector table \"%s\" doesn't exist\n",
946 fprintf(stderr, "Protocol being registered is \"%s\"\n",
947 proto_get_protocol_long_name(handle->protocol));
948 if (getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL)
953 switch (sub_dissectors->type) {
960 * You can do a uint lookup in these tables.
966 * But you can't do a uint lookup in any other types
969 g_assert_not_reached();
973 dissector_add_uint_sanity_check(name, pattern, handle, sub_dissectors);
976 dtbl_entry = (dtbl_entry_t *)g_malloc(sizeof (dtbl_entry_t));
977 dtbl_entry->current = handle;
978 dtbl_entry->initial = dtbl_entry->current;
980 /* do the table insertion */
981 g_hash_table_insert( sub_dissectors->hash_table,
982 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
985 * Now add it to the list of handles that could be used for
986 * "Decode As" with this table, because it *is* being used
989 dissector_add_for_decode_as(name, handle);
994 void dissector_add_uint_range(const char *abbrev, range_t *range,
995 dissector_handle_t handle)
1000 for (i = 0; i < range->nranges; i++) {
1001 for (j = range->ranges[i].low; j < range->ranges[i].high; j++)
1002 dissector_add_uint(abbrev, j, handle);
1003 dissector_add_uint(abbrev, range->ranges[i].high, handle);
1008 /* Delete the entry for a dissector in a uint dissector table
1009 with a particular pattern. */
1011 /* NOTE: this doesn't use the dissector call variable. It is included to */
1012 /* be consistant with the dissector_add_uint and more importantly to be used */
1013 /* if the technique of adding a temporary dissector is implemented. */
1014 /* If temporary dissectors are deleted, then the original dissector must */
1017 dissector_delete_uint(const char *name, const guint32 pattern,
1018 dissector_handle_t handle _U_)
1020 dissector_table_t sub_dissectors = find_dissector_table( name);
1021 dtbl_entry_t *dtbl_entry;
1024 g_assert( sub_dissectors);
1029 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
1031 if (dtbl_entry != NULL) {
1033 * Found - remove it.
1035 g_hash_table_remove(sub_dissectors->hash_table,
1036 GUINT_TO_POINTER(pattern));
1040 void dissector_delete_uint_range(const char *abbrev, range_t *range,
1041 dissector_handle_t handle)
1046 for (i = 0; i < range->nranges; i++) {
1047 for (j = range->ranges[i].low; j < range->ranges[i].high; j++)
1048 dissector_delete_uint(abbrev, j, handle);
1049 dissector_delete_uint(abbrev, range->ranges[i].high, handle);
1055 dissector_delete_all_check (gpointer key _U_, gpointer value, gpointer user_data)
1057 dtbl_entry_t *dtbl_entry = (dtbl_entry_t *) value;
1058 dissector_handle_t handle = (dissector_handle_t) user_data;
1060 if (!dtbl_entry->current->protocol) {
1062 * Not all dissectors are registered with a protocol, so we need this
1063 * check when running from dissector_delete_from_all_tables.
1068 return (proto_get_id (dtbl_entry->current->protocol) == proto_get_id (handle->protocol));
1071 /* Delete all entries from a dissector table. */
1072 void dissector_delete_all(const char *name, dissector_handle_t handle)
1074 dissector_table_t sub_dissectors = find_dissector_table(name);
1075 g_assert (sub_dissectors);
1077 g_hash_table_foreach_remove (sub_dissectors->hash_table, dissector_delete_all_check, handle);
1081 dissector_delete_from_table(gpointer key _U_, gpointer value, gpointer user_data)
1083 dissector_table_t sub_dissectors = (dissector_table_t) value;
1084 g_assert (sub_dissectors);
1086 g_hash_table_foreach_remove(sub_dissectors->hash_table, dissector_delete_all_check, user_data);
1087 sub_dissectors->dissector_handles = g_slist_remove(sub_dissectors->dissector_handles, user_data);
1090 /* Delete handle from all tables and dissector_handles lists */
1092 dissector_delete_from_all_tables(dissector_handle_t handle)
1094 g_hash_table_foreach(dissector_tables, dissector_delete_from_table, handle);
1097 /* Change the entry for a dissector in a uint dissector table
1098 with a particular pattern to use a new dissector handle. */
1100 dissector_change_uint(const char *name, const guint32 pattern, dissector_handle_t handle)
1102 dissector_table_t sub_dissectors = find_dissector_table( name);
1103 dtbl_entry_t *dtbl_entry;
1106 g_assert( sub_dissectors);
1109 * See if the entry already exists. If so, reuse it.
1111 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
1112 if (dtbl_entry != NULL) {
1113 dtbl_entry->current = handle;
1118 * Don't create an entry if there is no dissector handle - I.E. the
1119 * user said not to decode something that wasn't being decoded
1120 * in the first place.
1125 dtbl_entry = (dtbl_entry_t *)g_malloc(sizeof (dtbl_entry_t));
1126 dtbl_entry->initial = NULL;
1127 dtbl_entry->current = handle;
1129 /* do the table insertion */
1130 g_hash_table_insert( sub_dissectors->hash_table,
1131 GUINT_TO_POINTER( pattern), (gpointer)dtbl_entry);
1134 /* Reset an entry in a uint dissector table to its initial value. */
1136 dissector_reset_uint(const char *name, const guint32 pattern)
1138 dissector_table_t sub_dissectors = find_dissector_table( name);
1139 dtbl_entry_t *dtbl_entry;
1142 g_assert( sub_dissectors);
1147 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, pattern);
1149 if (dtbl_entry == NULL)
1153 * Found - is there an initial value?
1155 if (dtbl_entry->initial != NULL) {
1156 dtbl_entry->current = dtbl_entry->initial;
1158 g_hash_table_remove(sub_dissectors->hash_table,
1159 GUINT_TO_POINTER(pattern));
1163 /* Look for a given value in a given uint dissector table and, if found,
1164 call the dissector with the arguments supplied, and return TRUE,
1165 otherwise return FALSE. */
1168 dissector_try_uint_new(dissector_table_t sub_dissectors, const guint32 uint_val,
1169 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
1170 const gboolean add_proto_name, void *data)
1172 dtbl_entry_t *dtbl_entry;
1173 struct dissector_handle *handle;
1174 guint32 saved_match_uint;
1177 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, uint_val);
1178 if (dtbl_entry != NULL) {
1180 * Is there currently a dissector handle for this entry?
1182 handle = dtbl_entry->current;
1183 if (handle == NULL) {
1185 * No - pretend this dissector didn't exist,
1186 * so that other dissectors might have a chance
1187 * to dissect this packet.
1193 * Save the current value of "pinfo->match_uint",
1194 * set it to the uint_val that matched, call the
1195 * dissector, and restore "pinfo->match_uint".
1197 saved_match_uint = pinfo->match_uint;
1198 pinfo->match_uint = uint_val;
1199 len = call_dissector_work(handle, tvb, pinfo, tree, add_proto_name, data);
1200 pinfo->match_uint = saved_match_uint;
1203 * If a new-style dissector returned 0, it means that
1204 * it didn't think this tvbuff represented a packet for
1205 * its protocol, and didn't dissect anything.
1207 * Old-style dissectors can't reject the packet.
1209 * 0 is also returned if the protocol wasn't enabled.
1211 * If the packet was rejected, we return 0, so that
1212 * other dissectors might have a chance to dissect this
1213 * packet, otherwise we return the dissected length.
1221 dissector_try_uint(dissector_table_t sub_dissectors, const guint32 uint_val,
1222 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1225 return dissector_try_uint_new(sub_dissectors, uint_val, tvb, pinfo, tree, TRUE, NULL);
1228 /* Look for a given value in a given uint dissector table and, if found,
1229 return the dissector handle for that value. */
1231 dissector_get_uint_handle(dissector_table_t const sub_dissectors, const guint32 uint_val)
1233 dtbl_entry_t *dtbl_entry;
1235 dtbl_entry = find_uint_dtbl_entry(sub_dissectors, uint_val);
1236 if (dtbl_entry != NULL)
1237 return dtbl_entry->current;
1243 dissector_get_default_uint_handle(const char *name, const guint32 uint_val)
1245 dissector_table_t sub_dissectors = find_dissector_table(name);
1247 if (sub_dissectors != NULL) {
1248 dtbl_entry_t *dtbl_entry = find_uint_dtbl_entry(sub_dissectors, uint_val);
1249 if (dtbl_entry != NULL)
1250 return dtbl_entry->initial;
1255 /* Find an entry in a string dissector table. */
1256 static dtbl_entry_t *
1257 find_string_dtbl_entry(dissector_table_t const sub_dissectors, const gchar *pattern)
1262 switch (sub_dissectors->type) {
1268 * You can do a string lookup in these tables.
1274 * But you can't do a string lookup in any other types
1277 g_assert_not_reached();
1280 if (sub_dissectors->param == TRUE) {
1281 key = g_ascii_strdown(pattern, -1);
1283 key = g_strdup(pattern);
1289 ret = (dtbl_entry_t *)g_hash_table_lookup(sub_dissectors->hash_table, key);
1296 /* Add an entry to a string dissector table. */
1298 dissector_add_string(const char *name, const gchar *pattern,
1299 dissector_handle_t handle)
1301 dissector_table_t sub_dissectors = find_dissector_table( name);
1302 dtbl_entry_t *dtbl_entry;
1306 * Make sure the dissector table exists.
1308 if (sub_dissectors == NULL) {
1309 fprintf(stderr, "OOPS: dissector table \"%s\" doesn't exist\n",
1311 fprintf(stderr, "Protocol being registered is \"%s\"\n",
1312 proto_get_protocol_long_name(handle->protocol));
1313 if (getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL)
1319 g_assert(handle!=NULL);
1320 switch (sub_dissectors->type) {
1326 * You can do a string lookup in these tables.
1332 * But you can't do a string lookup in any other types
1335 g_assert_not_reached();
1338 dtbl_entry = (dtbl_entry_t *)g_malloc(sizeof (dtbl_entry_t));
1339 dtbl_entry->current = handle;
1340 dtbl_entry->initial = dtbl_entry->current;
1342 if (sub_dissectors->param == TRUE) {
1343 key = g_ascii_strdown(pattern, -1);
1345 key = g_strdup(pattern);
1348 /* do the table insertion */
1349 g_hash_table_insert( sub_dissectors->hash_table, (gpointer)key,
1350 (gpointer)dtbl_entry);
1353 * Now add it to the list of handles that could be used for
1354 * "Decode As" with this table, because it *is* being used
1357 dissector_add_for_decode_as(name, handle);
1360 /* Delete the entry for a dissector in a string dissector table
1361 with a particular pattern. */
1363 /* NOTE: this doesn't use the dissector call variable. It is included to */
1364 /* be consistant with the dissector_add_string and more importantly to */
1365 /* be used if the technique of adding a temporary dissector is */
1367 /* If temporary dissectors are deleted, then the original dissector must */
1370 dissector_delete_string(const char *name, const gchar *pattern,
1371 dissector_handle_t handle _U_)
1373 dissector_table_t sub_dissectors = find_dissector_table( name);
1374 dtbl_entry_t *dtbl_entry;
1377 g_assert( sub_dissectors);
1382 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1384 if (dtbl_entry != NULL) {
1386 * Found - remove it.
1388 g_hash_table_remove(sub_dissectors->hash_table, pattern);
1392 /* Change the entry for a dissector in a string dissector table
1393 with a particular pattern to use a new dissector handle. */
1395 dissector_change_string(const char *name, const gchar *pattern,
1396 dissector_handle_t handle)
1398 dissector_table_t sub_dissectors = find_dissector_table( name);
1399 dtbl_entry_t *dtbl_entry;
1402 g_assert( sub_dissectors);
1405 * See if the entry already exists. If so, reuse it.
1407 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1408 if (dtbl_entry != NULL) {
1409 dtbl_entry->current = handle;
1414 * Don't create an entry if there is no dissector handle - I.E. the
1415 * user said not to decode something that wasn't being decoded
1416 * in the first place.
1421 dtbl_entry = (dtbl_entry_t *)g_malloc(sizeof (dtbl_entry_t));
1422 dtbl_entry->initial = NULL;
1423 dtbl_entry->current = handle;
1425 /* do the table insertion */
1426 g_hash_table_insert( sub_dissectors->hash_table, (gpointer)g_strdup(pattern),
1427 (gpointer)dtbl_entry);
1430 /* Reset an entry in a string sub-dissector table to its initial value. */
1432 dissector_reset_string(const char *name, const gchar *pattern)
1434 dissector_table_t sub_dissectors = find_dissector_table( name);
1435 dtbl_entry_t *dtbl_entry;
1438 g_assert( sub_dissectors);
1443 dtbl_entry = find_string_dtbl_entry(sub_dissectors, pattern);
1445 if (dtbl_entry == NULL)
1449 * Found - is there an initial value?
1451 if (dtbl_entry->initial != NULL) {
1452 dtbl_entry->current = dtbl_entry->initial;
1454 g_hash_table_remove(sub_dissectors->hash_table, pattern);
1458 /* Look for a given string in a given dissector table and, if found, call
1459 the dissector with the arguments supplied, and return length of dissected data,
1460 otherwise return 0. */
1462 dissector_try_string(dissector_table_t sub_dissectors, const gchar *string,
1463 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1465 dtbl_entry_t *dtbl_entry;
1466 struct dissector_handle *handle;
1468 const gchar *saved_match_string;
1470 /* XXX ASSERT instead ? */
1471 if (!string) return 0;
1472 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1473 if (dtbl_entry != NULL) {
1475 * Is there currently a dissector handle for this entry?
1477 handle = dtbl_entry->current;
1478 if (handle == NULL) {
1480 * No - pretend this dissector didn't exist,
1481 * so that other dissectors might have a chance
1482 * to dissect this packet.
1488 * Save the current value of "pinfo->match_string",
1489 * set it to the string that matched, call the
1490 * dissector, and restore "pinfo->match_string".
1492 saved_match_string = pinfo->match_string;
1493 pinfo->match_string = string;
1494 len = call_dissector_work(handle, tvb, pinfo, tree, TRUE, data);
1495 pinfo->match_string = saved_match_string;
1498 * If a new-style dissector returned 0, it means that
1499 * it didn't think this tvbuff represented a packet for
1500 * its protocol, and didn't dissect anything.
1502 * Old-style dissectors can't reject the packet.
1504 * 0 is also returned if the protocol wasn't enabled.
1506 * If the packet was rejected, we return 0, so that
1507 * other dissectors might have a chance to dissect this
1508 * packet, otherwise we return the dissected length.
1515 /* Look for a given value in a given string dissector table and, if found,
1516 return the dissector handle for that value. */
1518 dissector_get_string_handle(dissector_table_t sub_dissectors,
1519 const gchar *string)
1521 dtbl_entry_t *dtbl_entry;
1523 /* XXX ASSERT instead ? */
1524 if (!string) return NULL;
1525 dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1526 if (dtbl_entry != NULL)
1527 return dtbl_entry->current;
1533 dissector_get_default_string_handle(const char *name, const gchar *string)
1535 dissector_table_t sub_dissectors;
1537 /* XXX ASSERT instead ? */
1538 if (!string) return NULL;
1539 sub_dissectors = find_dissector_table(name);
1540 if (sub_dissectors != NULL) {
1541 dtbl_entry_t *dtbl_entry = find_string_dtbl_entry(sub_dissectors, string);
1542 if (dtbl_entry != NULL)
1543 return dtbl_entry->initial;
1548 /* Add an entry to a "custom" dissector table. */
1549 void dissector_add_custom_table_handle(const char *name, void *pattern, dissector_handle_t handle)
1551 dissector_table_t sub_dissectors = find_dissector_table( name);
1552 dtbl_entry_t *dtbl_entry;
1555 * Make sure the dissector table exists.
1557 if (sub_dissectors == NULL) {
1558 fprintf(stderr, "OOPS: dissector table \"%s\" doesn't exist\n",
1560 fprintf(stderr, "Protocol being registered is \"%s\"\n",
1561 proto_get_protocol_long_name(handle->protocol));
1562 if (getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL)
1567 g_assert(sub_dissectors->type == FT_BYTES);
1569 dtbl_entry = (dtbl_entry_t *)g_malloc(sizeof (dtbl_entry_t));
1570 dtbl_entry->current = handle;
1571 dtbl_entry->initial = dtbl_entry->current;
1573 /* do the table insertion */
1574 g_hash_table_insert( sub_dissectors->hash_table, (gpointer)pattern,
1575 (gpointer)dtbl_entry);
1578 * Now add it to the list of handles that could be used for
1579 * "Decode As" with this table, because it *is* being used
1582 dissector_add_for_decode_as(name, handle);
1585 dissector_handle_t dissector_get_custom_table_handle(dissector_table_t sub_dissectors, void *key)
1587 dtbl_entry_t *dtbl_entry = (dtbl_entry_t *)g_hash_table_lookup(sub_dissectors->hash_table, key);
1589 if (dtbl_entry != NULL)
1590 return dtbl_entry->current;
1594 /* Add an entry to a guid dissector table. */
1595 void dissector_add_guid(const char *name, guid_key* guid_val, dissector_handle_t handle)
1597 dissector_table_t sub_dissectors;
1598 dtbl_entry_t *dtbl_entry;
1600 sub_dissectors = find_dissector_table(name);
1603 * Make sure the dissector table exists.
1605 if (sub_dissectors == NULL) {
1606 fprintf(stderr, "OOPS: dissector table \"%s\" doesn't exist\n",
1608 fprintf(stderr, "Protocol being registered is \"%s\"\n",
1609 proto_get_protocol_long_name(handle->protocol));
1610 if (getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL)
1616 g_assert(handle!=NULL);
1617 if (sub_dissectors->type != FT_GUID) {
1618 g_assert_not_reached();
1621 dtbl_entry = (dtbl_entry_t *)g_malloc(sizeof (dtbl_entry_t));
1622 dtbl_entry->current = handle;
1623 dtbl_entry->initial = dtbl_entry->current;
1625 /* do the table insertion */
1626 g_hash_table_insert( sub_dissectors->hash_table,
1627 guid_val, (gpointer)dtbl_entry);
1630 * Now add it to the list of handles that could be used with this
1631 * table, because it *is* being used with this table.
1633 dissector_add_for_decode_as(name, handle);
1637 /* Look for a given value in a given guid dissector table and, if found,
1638 call the dissector with the arguments supplied, and return TRUE,
1639 otherwise return FALSE. */
1640 int dissector_try_guid_new(dissector_table_t sub_dissectors,
1641 guid_key* guid_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const gboolean add_proto_name, void *data)
1643 dtbl_entry_t *dtbl_entry;
1644 struct dissector_handle *handle;
1647 dtbl_entry = (dtbl_entry_t *)g_hash_table_lookup(sub_dissectors->hash_table, guid_val);
1648 if (dtbl_entry != NULL) {
1650 * Is there currently a dissector handle for this entry?
1652 handle = dtbl_entry->current;
1653 if (handle == NULL) {
1655 * No - pretend this dissector didn't exist,
1656 * so that other dissectors might have a chance
1657 * to dissect this packet.
1663 * Save the current value of "pinfo->match_uint",
1664 * set it to the uint_val that matched, call the
1665 * dissector, and restore "pinfo->match_uint".
1667 len = call_dissector_work(handle, tvb, pinfo, tree, add_proto_name, data);
1670 * If a new-style dissector returned 0, it means that
1671 * it didn't think this tvbuff represented a packet for
1672 * its protocol, and didn't dissect anything.
1674 * Old-style dissectors can't reject the packet.
1676 * 0 is also returned if the protocol wasn't enabled.
1678 * If the packet was rejected, we return 0, so that
1679 * other dissectors might have a chance to dissect this
1680 * packet, otherwise we return the dissected length.
1687 int dissector_try_guid(dissector_table_t sub_dissectors,
1688 guid_key* guid_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1690 return dissector_try_guid_new(sub_dissectors, guid_val, tvb, pinfo, tree, TRUE, NULL);
1693 /** Look for a given value in a given guid dissector table and, if found,
1694 * return the current dissector handle for that value.
1696 * @param[in] sub_dissectors Dissector table to search.
1697 * @param[in] uint_val Value to match, e.g. the port number for the TCP dissector.
1698 * @return The matching dissector handle on success, NULL if no match is found.
1700 dissector_handle_t dissector_get_guid_handle(
1701 dissector_table_t const sub_dissectors, guid_key* guid_val)
1703 dtbl_entry_t *dtbl_entry;
1705 dtbl_entry = (dtbl_entry_t *)g_hash_table_lookup(sub_dissectors->hash_table, guid_val);
1706 if (dtbl_entry != NULL)
1707 return dtbl_entry->current;
1714 dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
1716 return dtbl_entry->current;
1720 dissector_compare_filter_name(gconstpointer dissector_a, gconstpointer dissector_b)
1722 const struct dissector_handle *a = (const struct dissector_handle *)dissector_a;
1723 const struct dissector_handle *b = (const struct dissector_handle *)dissector_b;
1724 const char *a_name, *b_name;
1727 if (a->protocol == NULL)
1730 a_name = proto_get_protocol_filter_name(proto_get_id(a->protocol));
1732 if (b->protocol == NULL)
1735 b_name = proto_get_protocol_filter_name(proto_get_id(b->protocol));
1737 ret = strcmp(a_name, b_name);
1741 /* Add a handle to the list of handles that *could* be used with this
1742 table. That list is used by the "Decode As"/"-d" code in the UI. */
1744 dissector_add_for_decode_as(const char *name, dissector_handle_t handle)
1746 dissector_table_t sub_dissectors = find_dissector_table( name);
1748 dissector_handle_t dup_handle;
1751 * Make sure the dissector table exists.
1753 if (sub_dissectors == NULL) {
1754 fprintf(stderr, "OOPS: dissector table \"%s\" doesn't exist\n",
1756 fprintf(stderr, "Protocol being registered is \"%s\"\n",
1757 proto_get_protocol_long_name(handle->protocol));
1758 if (getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL)
1763 /* Add the dissector as a dependency
1764 (some dissector tables don't have protocol association, so there is
1765 the need for the NULL check */
1766 if (sub_dissectors->protocol != NULL)
1767 register_depend_dissector(proto_get_protocol_short_name(sub_dissectors->protocol), proto_get_protocol_short_name(handle->protocol));
1769 /* Is it already in this list? */
1770 entry = g_slist_find(sub_dissectors->dissector_handles, (gpointer)handle);
1771 if (entry != NULL) {
1773 * Yes - don't insert it again.
1778 /* Ensure the protocol is unique. This prevents confusion when using Decode As
1779 with duplicative entries */
1780 if (sub_dissectors->allow_dup_proto == DISSECTOR_TABLE_NOT_ALLOW_DUPLICATE)
1782 for (entry = sub_dissectors->dissector_handles; entry != NULL; entry = g_slist_next(entry))
1784 dup_handle = (dissector_handle_t)entry->data;
1785 if (dup_handle->protocol == handle->protocol)
1787 fprintf(stderr, "Duplicate dissectors %s and %s for protocol %s in dissector table %s\n",
1788 dissector_handle_get_dissector_name(handle),
1789 dissector_handle_get_dissector_name(dup_handle),
1790 proto_get_protocol_short_name(handle->protocol),
1792 if (getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL)
1798 /* Add it to the list. */
1799 sub_dissectors->dissector_handles =
1800 g_slist_insert_sorted(sub_dissectors->dissector_handles, (gpointer)handle, (GCompareFunc)dissector_compare_filter_name);
1804 dtbl_entry_get_initial_handle (dtbl_entry_t *dtbl_entry)
1806 return dtbl_entry->initial;
1810 dissector_table_get_dissector_handles(dissector_table_t dissector_table) {
1811 if (!dissector_table) return NULL;
1812 return dissector_table->dissector_handles;
1816 dissector_table_get_type(dissector_table_t dissector_table) {
1817 if (!dissector_table) return FT_NONE;
1818 return dissector_table->type;
1821 dissector_table_allow_e
1822 dissector_table_get_proto_allowed(dissector_table_t dissector_table)
1824 if (!dissector_table) return DISSECTOR_TABLE_NOT_ALLOW_DUPLICATE;
1825 return dissector_table->allow_dup_proto;
1829 uuid_equal(gconstpointer k1, gconstpointer k2)
1831 const guid_key *key1 = (const guid_key *)k1;
1832 const guid_key *key2 = (const guid_key *)k2;
1833 return ((memcmp(&key1->guid, &key2->guid, sizeof (e_guid_t)) == 0)
1834 && (key1->ver == key2->ver));
1838 uuid_hash(gconstpointer k)
1840 const guid_key *key = (const guid_key *)k;
1841 /* This isn't perfect, but the Data1 part of these is almost always
1843 return key->guid.data1;
1846 /**************************************************/
1848 /* Routines to walk dissector tables */
1850 /**************************************************/
1852 typedef struct dissector_foreach_info {
1853 gpointer caller_data;
1854 DATFunc caller_func;
1856 const gchar *table_name;
1857 ftenum_t selector_type;
1858 } dissector_foreach_info_t;
1861 * Called for each entry in a dissector table.
1864 dissector_table_foreach_func (gpointer key, gpointer value, gpointer user_data)
1866 dissector_foreach_info_t *info;
1867 dtbl_entry_t *dtbl_entry;
1870 g_assert(user_data);
1872 dtbl_entry = (dtbl_entry_t *)value;
1873 if (dtbl_entry->current == NULL ||
1874 dtbl_entry->current->protocol == NULL) {
1876 * Either there is no dissector for this entry, or
1877 * the dissector doesn't have a protocol associated
1880 * XXX - should the latter check be done?
1885 info = (dissector_foreach_info_t *)user_data;
1886 info->caller_func(info->table_name, info->selector_type, key, value,
1891 * Called for each entry in the table of all dissector tables.
1894 dissector_all_tables_foreach_func (gpointer key, gpointer value, gpointer user_data)
1896 dissector_table_t sub_dissectors;
1897 dissector_foreach_info_t *info;
1900 g_assert(user_data);
1902 sub_dissectors = (dissector_table_t)value;
1903 info = (dissector_foreach_info_t *)user_data;
1904 info->table_name = (gchar*) key;
1905 info->selector_type = get_dissector_table_selector_type(info->table_name);
1906 g_hash_table_foreach(sub_dissectors->hash_table, info->next_func, info);
1910 * Walk all dissector tables calling a user supplied function on each
1914 dissector_all_tables_foreach (DATFunc func,
1917 dissector_foreach_info_t info;
1919 info.caller_data = user_data;
1920 info.caller_func = func;
1921 info.next_func = dissector_table_foreach_func;
1922 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
1926 * Walk one dissector table's hash table calling a user supplied function
1930 dissector_table_foreach (const char *table_name,
1934 dissector_foreach_info_t info;
1935 dissector_table_t sub_dissectors = find_dissector_table(table_name);
1937 info.table_name = table_name;
1938 info.selector_type = sub_dissectors->type;
1939 info.caller_func = func;
1940 info.caller_data = user_data;
1941 g_hash_table_foreach(sub_dissectors->hash_table, dissector_table_foreach_func, &info);
1945 * Walk one dissector table's list of handles calling a user supplied
1946 * function on each entry.
1949 dissector_table_foreach_handle(const char *table_name,
1950 DATFunc_handle func,
1953 dissector_table_t sub_dissectors = find_dissector_table(table_name);
1956 for (tmp = sub_dissectors->dissector_handles; tmp != NULL;
1957 tmp = g_slist_next(tmp))
1958 func(table_name, tmp->data, user_data);
1962 * Called for each entry in a dissector table.
1965 dissector_table_foreach_changed_func (gpointer key, gpointer value, gpointer user_data)
1967 dtbl_entry_t *dtbl_entry;
1968 dissector_foreach_info_t *info;
1971 g_assert(user_data);
1973 dtbl_entry = (dtbl_entry_t *)value;
1974 if (dtbl_entry->initial == dtbl_entry->current) {
1976 * Entry hasn't changed - don't call the function.
1981 info = (dissector_foreach_info_t *)user_data;
1982 info->caller_func(info->table_name, info->selector_type, key, value,
1987 * Walk all dissector tables calling a user supplied function only on
1988 * any entry that has been changed from its original state.
1991 dissector_all_tables_foreach_changed (DATFunc func,
1994 dissector_foreach_info_t info;
1996 info.caller_data = user_data;
1997 info.caller_func = func;
1998 info.next_func = dissector_table_foreach_changed_func;
1999 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_func, &info);
2003 * Walk one dissector table calling a user supplied function only on
2004 * any entry that has been changed from its original state.
2007 dissector_table_foreach_changed (const char *table_name,
2011 dissector_foreach_info_t info;
2012 dissector_table_t sub_dissectors = find_dissector_table(table_name);
2014 info.table_name = table_name;
2015 info.selector_type = sub_dissectors->type;
2016 info.caller_func = func;
2017 info.caller_data = user_data;
2018 g_hash_table_foreach(sub_dissectors->hash_table,
2019 dissector_table_foreach_changed_func, &info);
2022 typedef struct dissector_foreach_table_info {
2023 gpointer caller_data;
2024 DATFunc_table caller_func;
2025 } dissector_foreach_table_info_t;
2028 * Called for each entry in the table of all dissector tables.
2029 * This is used if we directly process the hash table.
2032 dissector_all_tables_foreach_table_func (gpointer key, gpointer value, gpointer user_data)
2034 dissector_table_t table;
2035 dissector_foreach_table_info_t *info;
2037 table = (dissector_table_t)value;
2038 info = (dissector_foreach_table_info_t *)user_data;
2039 (*info->caller_func)((gchar *)key, table->ui_name, info->caller_data);
2043 * Called for each key in the table of all dissector tables.
2044 * This is used if we get a list of table names, sort it, and process the list.
2047 dissector_all_tables_foreach_list_func (gpointer key, gpointer user_data)
2049 dissector_table_t table;
2050 dissector_foreach_table_info_t *info;
2052 table = (dissector_table_t)g_hash_table_lookup( dissector_tables, key );
2053 info = (dissector_foreach_table_info_t *)user_data;
2054 (*info->caller_func)((gchar*)key, table->ui_name, info->caller_data);
2058 * Walk all dissector tables calling a user supplied function on each
2062 dissector_all_tables_foreach_table (DATFunc_table func,
2064 GCompareFunc compare_key_func)
2066 dissector_foreach_table_info_t info;
2069 info.caller_data = user_data;
2070 info.caller_func = func;
2071 if (compare_key_func != NULL)
2073 list = g_hash_table_get_keys(dissector_tables);
2074 list = g_list_sort(list, compare_key_func);
2075 g_list_foreach(list, dissector_all_tables_foreach_list_func, &info);
2080 g_hash_table_foreach(dissector_tables, dissector_all_tables_foreach_table_func, &info);
2085 register_dissector_table(const char *name, const char *ui_name, const int proto, const ftenum_t type,
2086 const int param, dissector_table_allow_e allow_dup)
2088 dissector_table_t sub_dissectors;
2090 /* Make sure the registration is unique */
2091 if(g_hash_table_lookup( dissector_tables, name )) {
2092 g_error("The dissector table %s (%s) is already registered - are you using a buggy plugin?", name, ui_name);
2095 /* Create and register the dissector table for this name; returns */
2096 /* a pointer to the dissector table. */
2097 sub_dissectors = g_slice_new(struct dissector_table);
2105 * XXX - there's no "g_uint_hash()" or "g_uint_equal()",
2106 * so we use "g_direct_hash()" and "g_direct_equal()".
2108 sub_dissectors->hash_func = g_direct_hash;
2109 sub_dissectors->hash_table = g_hash_table_new_full( g_direct_hash,
2118 sub_dissectors->hash_func = g_str_hash;
2119 sub_dissectors->hash_table = g_hash_table_new_full( g_str_hash,
2125 sub_dissectors->hash_table = g_hash_table_new_full( uuid_hash,
2131 g_error("The dissector table %s (%s) is registering an unsupported type - are you using a buggy plugin?", name, ui_name);
2132 g_assert_not_reached();
2134 sub_dissectors->dissector_handles = NULL;
2135 sub_dissectors->ui_name = ui_name;
2136 sub_dissectors->type = type;
2137 sub_dissectors->param = param;
2138 sub_dissectors->protocol = find_protocol_by_id(proto);
2139 sub_dissectors->allow_dup_proto = allow_dup;
2140 g_hash_table_insert( dissector_tables, (gpointer)name, (gpointer) sub_dissectors );
2141 return sub_dissectors;
2144 dissector_table_t register_custom_dissector_table(const char *name,
2145 const char *ui_name, const int proto, GHashFunc hash_func, GEqualFunc key_equal_func, dissector_table_allow_e allow_dup)
2147 dissector_table_t sub_dissectors;
2149 /* Make sure the registration is unique */
2150 if(g_hash_table_lookup( dissector_tables, name )) {
2151 g_error("The dissector table %s (%s) is already registered - are you using a buggy plugin?", name, ui_name);
2154 /* Create and register the dissector table for this name; returns */
2155 /* a pointer to the dissector table. */
2156 sub_dissectors = g_slice_new(struct dissector_table);
2157 sub_dissectors->hash_func = hash_func;
2158 sub_dissectors->hash_table = g_hash_table_new_full(hash_func,
2163 sub_dissectors->dissector_handles = NULL;
2164 sub_dissectors->ui_name = ui_name;
2165 sub_dissectors->type = FT_BYTES; /* Consider key a "blob" of data, no need to really create new type */
2166 sub_dissectors->param = BASE_NONE;
2167 sub_dissectors->protocol = find_protocol_by_id(proto);
2168 sub_dissectors->allow_dup_proto = allow_dup;
2169 g_hash_table_insert( dissector_tables, (gpointer)name, (gpointer) sub_dissectors );
2170 return sub_dissectors;
2174 deregister_dissector_table(const char *name)
2176 dissector_table_t sub_dissectors = find_dissector_table(name);
2177 if (!sub_dissectors) return;
2179 g_hash_table_remove(dissector_tables, name);
2183 get_dissector_table_ui_name(const char *name)
2185 dissector_table_t sub_dissectors = find_dissector_table(name);
2186 if (!sub_dissectors) return NULL;
2188 return sub_dissectors->ui_name;
2192 get_dissector_table_selector_type(const char *name)
2194 dissector_table_t sub_dissectors = find_dissector_table(name);
2195 if (!sub_dissectors) return FT_NONE;
2197 return sub_dissectors->type;
2201 get_dissector_table_param(const char *name)
2203 dissector_table_t sub_dissectors = find_dissector_table(name);
2204 if (!sub_dissectors) return 0;
2206 return sub_dissectors->param;
2209 /* Finds a heuristic dissector table by table name. */
2210 heur_dissector_list_t
2211 find_heur_dissector_list(const char *name)
2213 return (heur_dissector_list_t)g_hash_table_lookup(heur_dissector_lists, name);
2217 has_heur_dissector_list(const gchar *name) {
2218 return (find_heur_dissector_list(name) != NULL);
2221 heur_dtbl_entry_t* find_heur_dissector_by_unique_short_name(const char *short_name)
2223 return (heur_dtbl_entry_t*)g_hash_table_lookup(heuristic_short_names, short_name);
2227 heur_dissector_add(const char *name, heur_dissector_t dissector, const char *display_name, const char *short_name, const int proto, heuristic_enable_e enable)
2229 heur_dissector_list_t sub_dissectors = find_heur_dissector_list(name);
2230 const char *proto_name;
2231 heur_dtbl_entry_t *hdtbl_entry;
2236 * Make sure the dissector table exists.
2238 if (sub_dissectors == NULL) {
2239 fprintf(stderr, "OOPS: dissector table \"%s\" doesn't exist\n",
2241 proto_name = proto_get_protocol_name(proto);
2242 if (proto_name != NULL) {
2243 fprintf(stderr, "Protocol being registered is \"%s\"\n",
2246 if (getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL)
2251 /* Verify that sub-dissector is not already in the list */
2252 list_size = g_slist_length(sub_dissectors->dissectors);
2253 for (i = 0; i < list_size; i++)
2255 list_entry = g_slist_nth(sub_dissectors->dissectors, i);
2256 hdtbl_entry = (heur_dtbl_entry_t *)list_entry->data;
2257 if ((hdtbl_entry->dissector == dissector) &&
2258 (hdtbl_entry->protocol == find_protocol_by_id(proto)))
2260 proto_name = proto_get_protocol_name(proto);
2261 if (proto_name != NULL) {
2262 fprintf(stderr, "Protocol %s is already registered in \"%s\" table\n",
2265 if (getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL)
2271 /* Ensure short_name is unique */
2272 if (g_hash_table_lookup(heuristic_short_names, short_name) != NULL) {
2273 g_error("Duplicate heuristic short_name \"%s\"!"
2274 " This might be caused by an inappropriate plugin or a development error.", short_name);
2277 hdtbl_entry = g_slice_new(heur_dtbl_entry_t);
2278 hdtbl_entry->dissector = dissector;
2279 hdtbl_entry->protocol = find_protocol_by_id(proto);
2280 hdtbl_entry->display_name = display_name;
2281 hdtbl_entry->short_name = short_name;
2282 hdtbl_entry->list_name = g_strdup(name);
2283 hdtbl_entry->enabled = (enable == HEURISTIC_ENABLE);
2285 /* do the table insertion */
2286 g_hash_table_insert(heuristic_short_names, (gpointer)short_name, hdtbl_entry);
2288 sub_dissectors->dissectors = g_slist_prepend(sub_dissectors->dissectors,
2289 (gpointer)hdtbl_entry);
2291 /* XXX - could be optimized to pass hdtbl_entry directly */
2292 proto_add_heuristic_dissector(hdtbl_entry->protocol, short_name);
2294 /* Add the dissector as a dependency
2295 (some heuristic tables don't have protocol association, so there is
2296 the need for the NULL check */
2297 if (sub_dissectors->protocol != NULL)
2298 register_depend_dissector(proto_get_protocol_short_name(sub_dissectors->protocol), proto_get_protocol_short_name(hdtbl_entry->protocol));
2304 find_matching_heur_dissector( gconstpointer a, gconstpointer b) {
2305 const heur_dtbl_entry_t *hdtbl_entry_a = (const heur_dtbl_entry_t *) a;
2306 const heur_dtbl_entry_t *hdtbl_entry_b = (const heur_dtbl_entry_t *) b;
2308 return (hdtbl_entry_a->dissector == hdtbl_entry_b->dissector) &&
2309 (hdtbl_entry_a->protocol == hdtbl_entry_b->protocol) ? 0 : 1;
2313 heur_dissector_delete(const char *name, heur_dissector_t dissector, const int proto) {
2314 heur_dissector_list_t sub_dissectors = find_heur_dissector_list(name);
2315 heur_dtbl_entry_t hdtbl_entry;
2316 GSList *found_entry;
2319 g_assert(sub_dissectors != NULL);
2321 hdtbl_entry.dissector = dissector;
2322 hdtbl_entry.protocol = find_protocol_by_id(proto);
2324 found_entry = g_slist_find_custom(sub_dissectors->dissectors,
2325 (gpointer) &hdtbl_entry, find_matching_heur_dissector);
2328 heur_dtbl_entry_t *found_hdtbl_entry = (heur_dtbl_entry_t *)(found_entry->data);
2329 g_free(found_hdtbl_entry->list_name);
2330 g_hash_table_remove(heuristic_short_names, found_hdtbl_entry->short_name);
2331 g_slice_free(heur_dtbl_entry_t, found_entry->data);
2332 sub_dissectors->dissectors = g_slist_delete_link(sub_dissectors->dissectors,
2338 dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb,
2339 packet_info *pinfo, proto_tree *tree, heur_dtbl_entry_t **heur_dtbl_entry, void *data)
2342 const char *saved_curr_proto;
2343 const char *saved_heur_list_name;
2345 guint16 saved_can_desegment;
2346 guint saved_layers_len = 0;
2347 heur_dtbl_entry_t *hdtbl_entry;
2350 /* can_desegment is set to 2 by anyone which offers this api/service.
2351 then everytime a subdissector is called it is decremented by one.
2352 thus only the subdissector immediately ontop of whoever offers this
2354 We save the current value of "can_desegment" for the
2355 benefit of TCP proxying dissectors such as SOCKS, so they
2356 can restore it and allow the dissectors they call to use
2357 the desegmentation service.
2359 saved_can_desegment = pinfo->can_desegment;
2360 pinfo->saved_can_desegment = saved_can_desegment;
2361 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
2364 saved_curr_proto = pinfo->current_proto;
2365 saved_heur_list_name = pinfo->heur_list_name;
2367 saved_layers_len = wmem_list_count(pinfo->layers);
2368 *heur_dtbl_entry = NULL;
2370 for (entry = sub_dissectors->dissectors; entry != NULL;
2371 entry = g_slist_next(entry)) {
2372 /* XXX - why set this now and above? */
2373 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
2374 hdtbl_entry = (heur_dtbl_entry_t *)entry->data;
2376 if (hdtbl_entry->protocol != NULL &&
2377 (!proto_is_protocol_enabled(hdtbl_entry->protocol)||(hdtbl_entry->enabled==FALSE))) {
2379 * No - don't try this dissector.
2384 if (hdtbl_entry->protocol != NULL) {
2385 proto_id = proto_get_id(hdtbl_entry->protocol);
2386 /* do NOT change this behavior - wslua uses the protocol short name set here in order
2387 to determine which Lua-based heurisitc dissector to call */
2388 pinfo->current_proto =
2389 proto_get_protocol_short_name(hdtbl_entry->protocol);
2392 * Add the protocol name to the layers; we'll remove it
2393 * if the dissector fails.
2395 wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_id));
2398 pinfo->heur_list_name = hdtbl_entry->list_name;
2400 if ((hdtbl_entry->dissector)(tvb, pinfo, tree, data)) {
2401 *heur_dtbl_entry = hdtbl_entry;
2406 * That dissector didn't accept the packet, so
2407 * remove its protocol's name from the list
2410 while (wmem_list_count(pinfo->layers) > saved_layers_len) {
2411 wmem_list_remove_frame(pinfo->layers, wmem_list_tail(pinfo->layers));
2416 pinfo->current_proto = saved_curr_proto;
2417 pinfo->heur_list_name = saved_heur_list_name;
2418 pinfo->can_desegment = saved_can_desegment;
2422 typedef struct heur_dissector_foreach_info {
2423 gpointer caller_data;
2424 DATFunc_heur caller_func;
2426 const gchar *table_name;
2427 } heur_dissector_foreach_info_t;
2430 * Called for each entry in a heuristic dissector table.
2433 heur_dissector_table_foreach_func (gpointer data, gpointer user_data)
2435 heur_dissector_foreach_info_t *info;
2438 g_assert(user_data);
2440 info = (heur_dissector_foreach_info_t *)user_data;
2441 info->caller_func(info->table_name, (heur_dtbl_entry_t *)data,
2446 * Walk one heuristic dissector table's list calling a user supplied function
2450 heur_dissector_table_foreach (const char *table_name,
2454 heur_dissector_foreach_info_t info;
2455 heur_dissector_list_t sub_dissectors = find_heur_dissector_list(table_name);
2457 info.table_name = table_name;
2458 info.caller_func = func;
2459 info.caller_data = user_data;
2460 g_slist_foreach(sub_dissectors->dissectors,
2461 heur_dissector_table_foreach_func, &info);
2465 * Called for each entry in the table of all heuristic dissector tables.
2467 typedef struct heur_dissector_foreach_table_info {
2468 gpointer caller_data;
2469 DATFunc_heur_table caller_func;
2470 } heur_dissector_foreach_table_info_t;
2473 * Called for each entry in the table of all heuristic dissector tables.
2474 * This is used if we directly process the hash table.
2477 dissector_all_heur_tables_foreach_table_func (gpointer key, gpointer value, gpointer user_data)
2479 heur_dissector_foreach_table_info_t *info;
2481 info = (heur_dissector_foreach_table_info_t *)user_data;
2482 (*info->caller_func)((gchar *)key, (struct heur_dissector_list *)value, info->caller_data);
2486 * Called for each key in the table of all dissector tables.
2487 * This is used if we get a list of table names, sort it, and process the list.
2490 dissector_all_heur_tables_foreach_list_func (gpointer key, gpointer user_data)
2492 struct heur_dissector_list *list;
2493 heur_dissector_foreach_table_info_t *info;
2495 list = (struct heur_dissector_list *)g_hash_table_lookup(heur_dissector_lists, key);
2496 info = (heur_dissector_foreach_table_info_t *)user_data;
2497 (*info->caller_func)((gchar*)key, list, info->caller_data);
2501 * Walk all heuristic dissector tables calling a user supplied function on each
2505 dissector_all_heur_tables_foreach_table (DATFunc_heur_table func,
2507 GCompareFunc compare_key_func)
2509 heur_dissector_foreach_table_info_t info;
2512 info.caller_data = user_data;
2513 info.caller_func = func;
2514 if (compare_key_func != NULL)
2516 list = g_hash_table_get_keys(dissector_tables);
2517 list = g_list_sort(list, compare_key_func);
2518 g_list_foreach(list, dissector_all_heur_tables_foreach_list_func, &info);
2523 g_hash_table_foreach(heur_dissector_lists, dissector_all_heur_tables_foreach_table_func, &info);
2528 display_heur_dissector_table_entries(const char *table_name,
2529 heur_dtbl_entry_t *hdtbl_entry, gpointer user_data _U_)
2531 if (hdtbl_entry->protocol != NULL) {
2532 printf("%s\t%s\t%c\n",
2534 proto_get_protocol_filter_name(proto_get_id(hdtbl_entry->protocol)),
2535 (proto_is_protocol_enabled(hdtbl_entry->protocol) && hdtbl_entry->enabled) ? 'T' : 'F');
2540 dissector_dump_heur_decodes_display(const gchar *table_name, struct heur_dissector_list *listptr _U_, gpointer user_data _U_)
2542 heur_dissector_table_foreach(table_name, display_heur_dissector_table_entries, NULL);
2546 * For each heuristic dissector table, dump list of dissectors (filter_names) for that table
2549 dissector_dump_heur_decodes(void)
2551 dissector_all_heur_tables_foreach_table(dissector_dump_heur_decodes_display, NULL, NULL);
2555 heur_dissector_list_t
2556 register_heur_dissector_list(const char *name, const int proto)
2558 heur_dissector_list_t sub_dissectors;
2560 /* Make sure the registration is unique */
2561 if (g_hash_table_lookup(heur_dissector_lists, name) != NULL) {
2562 g_error("The heuristic dissector list %s is already registered - are you using a buggy plugin?", name);
2565 /* Create and register the dissector table for this name; returns */
2566 /* a pointer to the dissector table. */
2567 sub_dissectors = g_slice_new(struct heur_dissector_list);
2568 sub_dissectors->protocol = find_protocol_by_id(proto);
2569 sub_dissectors->dissectors = NULL; /* initially empty */
2570 g_hash_table_insert(heur_dissector_lists, (gpointer)name,
2571 (gpointer) sub_dissectors);
2572 return sub_dissectors;
2576 * Register dissectors by name; used if one dissector always calls a
2577 * particular dissector, or if it bases the decision of which dissector
2578 * to call on something other than a numerical value or on "try a bunch
2579 * of dissectors until one likes the packet".
2582 /* Get the long name of the protocol for a dissector handle, if it has
2585 dissector_handle_get_long_name(const dissector_handle_t handle)
2587 if (handle == NULL || handle->protocol == NULL) {
2590 return proto_get_protocol_long_name(handle->protocol);
2593 /* Get the short name of the protocol for a dissector handle, if it has
2596 dissector_handle_get_short_name(const dissector_handle_t handle)
2598 if (handle->protocol == NULL) {
2600 * No protocol (see, for example, the handle for
2601 * dissecting the set of protocols where the first
2602 * octet of the payload is an OSI network layer protocol
2607 return proto_get_protocol_short_name(handle->protocol);
2610 /* Get the index of the protocol for a dissector handle, if it has
2613 dissector_handle_get_protocol_index(const dissector_handle_t handle)
2615 if (handle->protocol == NULL) {
2617 * No protocol (see, for example, the handle for
2618 * dissecting the set of protocols where the first
2619 * octet of the payload is an OSI network layer protocol
2624 return proto_get_id(handle->protocol);
2627 /* Get a GList of all registered dissector names. The content of the list
2628 is owned by the hash table and should not be modified or freed.
2629 Use g_list_free() when done using the list. */
2631 get_dissector_names(void)
2633 return g_hash_table_get_keys(registered_dissectors);
2636 /* Find a registered dissector by name. */
2638 find_dissector(const char *name)
2640 return (dissector_handle_t)g_hash_table_lookup(registered_dissectors, name);
2643 /** Find a dissector by name and add parent protocol as a depedency*/
2644 dissector_handle_t find_dissector_add_dependency(const char *name, const int parent_proto)
2646 dissector_handle_t handle = (dissector_handle_t)g_hash_table_lookup(registered_dissectors, name);
2647 if ((handle != NULL) && (parent_proto > 0))
2649 register_depend_dissector(proto_get_protocol_short_name(find_protocol_by_id(parent_proto)), dissector_handle_get_short_name(handle));
2655 /* Get a dissector name from handle. */
2657 dissector_handle_get_dissector_name(const dissector_handle_t handle)
2659 if (handle == NULL) {
2662 return handle->name;
2665 /* Create an anonymous handle for a new dissector. */
2667 create_dissector_handle(dissector_t dissector, const int proto)
2669 struct dissector_handle *handle;
2671 handle = wmem_new(wmem_epan_scope(), struct dissector_handle);
2672 handle->name = NULL;
2673 handle->dissector = dissector;
2674 handle->protocol = find_protocol_by_id(proto);
2679 dissector_handle_t create_dissector_handle_with_name(dissector_t dissector,
2680 const int proto, const char* name)
2682 struct dissector_handle *handle;
2684 handle = wmem_new(wmem_epan_scope(), struct dissector_handle);
2685 handle->name = name;
2686 handle->dissector = dissector;
2687 handle->protocol = find_protocol_by_id(proto);
2692 /* Destroy an anonymous handle for a dissector. */
2694 destroy_dissector_handle(dissector_handle_t handle)
2696 if (handle == NULL) return;
2698 dissector_delete_from_all_tables(handle);
2699 deregister_postdissector(handle);
2700 wmem_free(wmem_epan_scope(), handle);
2703 /* Register a new dissector by name. */
2705 register_dissector(const char *name, dissector_t dissector, const int proto)
2707 struct dissector_handle *handle;
2709 /* Make sure the registration is unique */
2710 g_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);
2712 handle = wmem_new(wmem_epan_scope(), struct dissector_handle);
2713 handle->name = name;
2714 handle->dissector = dissector;
2715 handle->protocol = find_protocol_by_id(proto);
2717 g_hash_table_insert(registered_dissectors, (gpointer)name,
2724 remove_depend_dissector_from_list(depend_dissector_list_t sub_dissectors, const char *dependent)
2726 GSList *found_entry;
2728 found_entry = g_slist_find_custom(sub_dissectors->dissectors,
2729 dependent, (GCompareFunc)strcmp);
2732 g_free(found_entry->data);
2733 sub_dissectors->dissectors = g_slist_delete_link(sub_dissectors->dissectors, found_entry);
2741 remove_depend_dissector_ghfunc(gpointer key _U_, gpointer value, gpointer user_data)
2743 depend_dissector_list_t sub_dissectors = (depend_dissector_list_t) value;
2744 const char *dependent = (const char *)user_data;
2746 remove_depend_dissector_from_list(sub_dissectors, dependent);
2749 /* Deregister a dissector by name. */
2751 deregister_dissector(const char *name)
2753 dissector_handle_t handle = find_dissector(name);
2754 if (handle == NULL) return;
2756 g_hash_table_remove(registered_dissectors, name);
2757 g_hash_table_remove(depend_dissector_lists, name);
2758 g_hash_table_foreach(depend_dissector_lists, remove_depend_dissector_ghfunc, (gpointer)name);
2759 g_hash_table_remove(heur_dissector_lists, name);
2761 destroy_dissector_handle(handle);
2764 /* Call a dissector through a handle but if the dissector rejected it
2768 call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb,
2769 packet_info *pinfo, proto_tree *tree, void *data)
2773 g_assert(handle != NULL);
2774 ret = call_dissector_work(handle, tvb, pinfo, tree, TRUE, data);
2778 /* Call a dissector through a handle and if this fails call the "data"
2782 call_dissector_with_data(dissector_handle_t handle, tvbuff_t *tvb,
2783 packet_info *pinfo, proto_tree *tree, void *data)
2787 ret = call_dissector_only(handle, tvb, pinfo, tree, data);
2790 * The protocol was disabled, or the dissector rejected
2791 * it. Just dissect this packet as data.
2793 g_assert(data_handle->protocol != NULL);
2794 call_dissector_work(data_handle, tvb, pinfo, tree, TRUE, NULL);
2795 return tvb_captured_length(tvb);
2801 call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
2802 packet_info *pinfo, proto_tree *tree)
2804 return call_dissector_with_data(handle, tvb, pinfo, tree, NULL);
2808 call_data_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
2810 return call_dissector_work(data_handle, tvb, pinfo, tree, TRUE, NULL);
2814 * Call a heuristic dissector through a heur_dtbl_entry
2816 void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tvb,
2817 packet_info *pinfo, proto_tree *tree, void *data)
2819 const char *saved_curr_proto;
2820 const char *saved_heur_list_name;
2821 guint16 saved_can_desegment;
2823 g_assert(heur_dtbl_entry);
2825 /* can_desegment is set to 2 by anyone which offers this api/service.
2826 then everytime a subdissector is called it is decremented by one.
2827 thus only the subdissector immediately ontop of whoever offers this
2829 We save the current value of "can_desegment" for the
2830 benefit of TCP proxying dissectors such as SOCKS, so they
2831 can restore it and allow the dissectors they call to use
2832 the desegmentation service.
2834 saved_can_desegment = pinfo->can_desegment;
2835 pinfo->saved_can_desegment = saved_can_desegment;
2836 pinfo->can_desegment = saved_can_desegment-(saved_can_desegment>0);
2838 saved_curr_proto = pinfo->current_proto;
2839 saved_heur_list_name = pinfo->heur_list_name;
2841 if (!heur_dtbl_entry->enabled ||
2842 (heur_dtbl_entry->protocol != NULL && !proto_is_protocol_enabled(heur_dtbl_entry->protocol))) {
2843 g_assert(data_handle->protocol != NULL);
2844 call_dissector_work(data_handle, tvb, pinfo, tree, TRUE, NULL);
2848 if (heur_dtbl_entry->protocol != NULL) {
2849 /* do NOT change this behavior - wslua uses the protocol short name set here in order
2850 to determine which Lua-based heurisitc dissector to call */
2851 pinfo->current_proto = proto_get_protocol_short_name(heur_dtbl_entry->protocol);
2852 wmem_list_append(pinfo->layers, GINT_TO_POINTER(proto_get_id(heur_dtbl_entry->protocol)));
2855 pinfo->heur_list_name = heur_dtbl_entry->list_name;
2857 /* call the dissector, as we have saved the result heuristic failure is an error */
2858 if(!(*heur_dtbl_entry->dissector)(tvb, pinfo, tree, data))
2859 g_assert_not_reached();
2861 /* Restore info from caller */
2862 pinfo->can_desegment = saved_can_desegment;
2863 pinfo->current_proto = saved_curr_proto;
2864 pinfo->heur_list_name = saved_heur_list_name;
2868 gboolean register_depend_dissector(const char* parent, const char* dependent)
2872 const char *protocol_name;
2873 depend_dissector_list_t sub_dissectors;
2875 if ((parent == NULL) || (dependent == NULL))
2877 /* XXX - assert on parent? */
2881 sub_dissectors = find_depend_dissector_list(parent);
2882 if (sub_dissectors == NULL) {
2883 /* parent protocol doesn't exist, create it */
2884 sub_dissectors = g_slice_new(struct depend_dissector_list);
2885 sub_dissectors->dissectors = NULL; /* initially empty */
2886 g_hash_table_insert(depend_dissector_lists, (gpointer)g_strdup(parent), (gpointer) sub_dissectors);
2889 /* Verify that sub-dissector is not already in the list */
2890 list_size = g_slist_length(sub_dissectors->dissectors);
2891 for (i = 0; i < list_size; i++)
2893 list_entry = g_slist_nth(sub_dissectors->dissectors, i);
2894 protocol_name = (const char*)list_entry->data;
2895 if (strcmp(dependent, protocol_name) == 0)
2896 return TRUE; /* Dependency already exists */
2899 sub_dissectors->dissectors = g_slist_prepend(sub_dissectors->dissectors, (gpointer)g_strdup(dependent));
2903 gboolean deregister_depend_dissector(const char* parent, const char* dependent)
2905 depend_dissector_list_t sub_dissectors = find_depend_dissector_list(parent);
2908 g_assert(sub_dissectors != NULL);
2910 return remove_depend_dissector_from_list(sub_dissectors, dependent);
2913 depend_dissector_list_t find_depend_dissector_list(const char* name)
2915 return (depend_dissector_list_t)g_hash_table_lookup(depend_dissector_lists, name);
2919 * Dumps the "layer type"/"decode as" associations to stdout, similar
2920 * to the proto_registrar_dump_*() routines.
2922 * There is one record per line. The fields are tab-delimited.
2924 * Field 1 = layer type, e.g. "tcp.port"
2925 * Field 2 = selector in decimal
2926 * Field 3 = "decode as" name, e.g. "http"
2931 dissector_dump_decodes_display(const gchar *table_name,
2932 ftenum_t selector_type _U_, gpointer key, gpointer value,
2933 gpointer user_data _U_)
2935 guint32 selector = GPOINTER_TO_UINT (key);
2936 dissector_table_t sub_dissectors = find_dissector_table(table_name);
2937 dtbl_entry_t *dtbl_entry;
2938 dissector_handle_t handle;
2940 const gchar *decode_as;
2942 g_assert(sub_dissectors);
2943 switch (sub_dissectors->type) {
2949 dtbl_entry = (dtbl_entry_t *)value;
2950 g_assert(dtbl_entry);
2952 handle = dtbl_entry->current;
2955 proto_id = dissector_handle_get_protocol_index(handle);
2957 if (proto_id != -1) {
2958 decode_as = proto_get_protocol_filter_name(proto_id);
2959 g_assert(decode_as != NULL);
2960 printf("%s\t%u\t%s\n", table_name, selector, decode_as);
2970 dissector_dump_decodes(void)
2972 dissector_all_tables_foreach(dissector_dump_decodes_display, NULL);
2976 * Dumps the "layer type"/"decode as" associations to stdout, similar
2977 * to the proto_registrar_dump_*() routines.
2979 * There is one record per line. The fields are tab-delimited.
2981 * Field 1 = layer type, e.g. "tcp.port"
2982 * Field 2 = selector in decimal
2983 * Field 3 = "decode as" name, e.g. "http"
2988 dissector_dump_dissector_tables_display (gpointer key, gpointer user_data _U_)
2990 const char *table_name = (const char *)key;
2991 dissector_table_t table;
2993 table = (dissector_table_t)g_hash_table_lookup(dissector_tables, key);
2994 printf("%s\t%s\t%s", table_name, table->ui_name, ftype_name(table->type));
2995 switch (table->type) {
3001 switch(table->param) {
3004 printf("\tBASE_NONE");
3008 printf("\tBASE_DEC");
3012 printf("\tBASE_HEX");
3016 printf("\tBASE_DEC_HEX");
3020 printf("\tBASE_HEX_DEC");
3024 printf("\t%d", table->param);
3036 compare_dissector_key_name(gconstpointer dissector_a, gconstpointer dissector_b)
3038 return strcmp((const char*)dissector_a, (const char*)dissector_b);
3042 dissector_dump_dissector_tables(void)
3046 list = g_hash_table_get_keys(dissector_tables);
3047 list = g_list_sort(list, compare_dissector_key_name);
3048 g_list_foreach(list, dissector_dump_dissector_tables_display, NULL);
3052 static GPtrArray* post_dissectors = NULL;
3053 static guint num_of_postdissectors = 0;
3056 register_postdissector(dissector_handle_t handle)
3058 if (!post_dissectors)
3059 post_dissectors = g_ptr_array_new();
3061 g_ptr_array_add(post_dissectors, handle);
3062 num_of_postdissectors++;
3066 deregister_postdissector(dissector_handle_t handle)
3068 if (!post_dissectors) return;
3070 if (g_ptr_array_remove(post_dissectors, handle)) {
3071 num_of_postdissectors--;
3076 have_postdissector(void)
3079 dissector_handle_t handle;
3081 for(i = 0; i < num_of_postdissectors; i++) {
3082 handle = (dissector_handle_t) g_ptr_array_index(post_dissectors,i);
3084 if (handle->protocol != NULL
3085 && proto_is_protocol_enabled(handle->protocol)) {
3086 /* We have at least one enabled postdissector */
3094 call_all_postdissectors(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3098 for(i = 0; i < num_of_postdissectors; i++) {
3099 call_dissector_only((dissector_handle_t) g_ptr_array_index(post_dissectors,i),
3100 tvb,pinfo,tree, NULL);
3105 * Editor modelines - http://www.wireshark.org/tools/modelines.html
3110 * indent-tabs-mode: t
3113 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
3114 * :indentSize=8:tabSize=8:noTabs=false:
git.samba.org / jlayton / wireshark.git / blob